Mozilla is bending the knee to Russia? Is this real life? Have we stepped into an alternate timeline? Whats going to happen to all the psycho FireFox users when they find out this happened, will they stop screaming at everyone to use FireFox?
I’m not sure what you expect to happen. If they don’t do this, Russia will ban Firefox. And I do think, it’s better for the Russian people to have Firefox available, even if it bends its knee in certain situations. Because I’d wager the alternatives proactively stick their tongue up Putin’s.
Switch to Tor? I dunno of that solves this problem but it’s probably worth switching anyway.
I know it says the extension is not available from the Firefox addon site if using Russian IPs, but I wonder if they have also gone so far as to make the browser itself not be able to install them in other ways. I would guess they have not, since that would mean a complicated setup in terms of the signatures, like they would have to have a separate FF version and set of signatures per country, or use a central server to authenticate things rather than client validation of signatures. In that case it would be easier to find the addon file somewhere other than the store and install it, since using unsigned addons requires installing a whole separate version of Firefox.
Even if that’s how it is this whole thing still illustrates that prohibiting unsigned addons from being installed is user-hostile, because on an ideological level Mozilla probably would use that power to advance state censorship if it came down to it.
Ah yeah, true, getting just the signed XPI should work as well.
And well, it is tricky. The signing requirement allows them to block malicious add-ons, which could also be used for state censorship.
I think, offering a separate path for people to install unsigned extensions, if they need it, while blocking them for the majority and therefore making them inviable for malware to target, that’s in principle a smart compromise.Also, side-note: Folks who are on Linux likely don’t need to install a separate version of Firefox. Linux distros tend to compile with the unsigned extension support enabled (just need to toggle the flag in about:config).
I guess in this case the malware angle means it’s probably better to require signing, since maybe Russia could successfully distribute malicious fake versions of these extensions otherwise. Still, the centralization here is worrying.
@sabreW4K3 that sounds counterproductive to Mozilla’s values. Wonder what russia threatened?
The Intercept has an agenda, and it’s not always good.
Elaborate please?